KEM Combiners

Key-encapsulation mechanisms (KEMs) are a common stepping stone for constructing public-key encryption. Secure KEMs can be built from diverse assumptions, including ones related to integer factorization, discrete logarithms, error correcting codes, or lattices. In light of the recent NIST call for post-quantum secure PKE, the zoo of KEMs that are believed to be secure continues to grow. Yet, on the question of which is the most secure KEM opinions are divided. While using the best candidate might actually not seem necessary to survive everyday life situations, placing a wrong bet can actually be devastating, should the employed KEM eventually turn out to be vulnerable. We introduce KEM combiners as a way to garner trust from different KEM constructions, rather than relying on a single one: We present efficient black-box constructions that, given any set of ‘ingredient’ KEMs, yield a new KEM that is (CCA) secure as long as at least one of the ingredient KEMs is. As building blocks our constructions use cryptographic hash functions and blockciphers. Some corresponding security proofs require idealized models for these primitives, others get along on standard assumptions.

[1]  Marc Fischlin,et al.  Multi-property Preserving Combiners for Hash Functions , 2008, TCC.

[2]  David Cash,et al.  Combiners for Chosen-Ciphertext Security , 2016, COCOON.

[3]  Eike Kiltz,et al.  A Modular Analysis of the Fujisaki-Okamoto Transformation , 2017, TCC.

[4]  Ronald Cramer,et al.  Design and Analysis of Practical Public-Key Encryption Schemes Secure against Adaptive Chosen Ciphertext Attack , 2003, SIAM J. Comput..

[5]  Pooya Farshim,et al.  Random-Oracle Uninstantiability from Indistinguishability Obfuscation , 2015, TCC.

[6]  Junji Shikata,et al.  On the Security of Multiple Encryption or CCA-security+CCA-security=CCA-security? , 2004, Public Key Cryptography.

[7]  Claude E. Shannon,et al.  Communication theory of secrecy systems , 1949, Bell Syst. Tech. J..

[8]  Tatsuaki Okamoto,et al.  Secure Integration of Asymmetric and Symmetric Encryption Schemes , 1999, Journal of Cryptology.

[9]  Marc Fischlin,et al.  Security-Amplifying Combiners for Collision-Resistant Hash Functions , 2007, CRYPTO.

[10]  Jonathan Katz,et al.  Chosen-Ciphertext Security of Multiple Encryption , 2005, TCC.

[11]  Oded Goldreich,et al.  On the power of cascade ciphers , 1985, TOCS.

[12]  Moni Naor,et al.  On Robust Combiners for Oblivious Transfer and Other Primitives , 2005, EUROCRYPT.

[13]  Moni Naor,et al.  Universal Constructions and Robust Combiners for Indistinguishability Obfuscation and Witness Encryption , 2016, CRYPTO.

[14]  Marc Fischlin,et al.  Robust Multi-property Combiners for Hash Functions Revisited , 2008, ICALP.

[15]  Marc Fischlin,et al.  Obfuscation Combiners , 2016, CRYPTO.

[16]  Martin E. Hellman,et al.  On the security of multiple encryption , 1981, CACM.

[17]  Craig Costello,et al.  Post-Quantum Key Exchange for the TLS Protocol from the Ring Learning with Errors Problem , 2015, 2015 IEEE Symposium on Security and Privacy.

[18]  Allison Bishop,et al.  Detecting Dangerous Queries: A New Approach for Chosen Ciphertext Security , 2012, EUROCRYPT.

[19]  Whitfield Diffie,et al.  Special Feature Exhaustive Cryptanalysis of the NBS Data Encryption Standard , 1977, Computer.

[20]  Douglas Stebila,et al.  Plaintext awareness in identity-based key encapsulation , 2013, International Journal of Information Security.

[21]  Amir Herzberg,et al.  On Tolerant Cryptographic Constructions , 2005, CT-RSA.